Award Papers

Enhancing the performance of signature-based network intrusion detection systems: an engineering approach

Pages 209-222 | Received 02 May 2014, Accepted 12 Aug 2014, Published online: 23 Dec 2014

References

  • Scarfone K, Mell P. Guide to intrusion detection and prevention systems (IDPS), NIST Special Publication 800–94, Feb 2007.
  • Roesch M. Snort: lightweight intrusion detection for networks. Proceedings of the USENIX LISA Conference; 1999; Seattle, Washington, USA; p. 229–238.
  • Paxson V. Bro: a system for detecting network intruders in real-time. Comput Netw. 1999;31(23–24):2435–2463. doi: 10.1016/S1389-1286(99)00112-7
  • Sommer R, Paxson V. Outside the closed world: on using machine learning for network intrusion detection. Proceedings of IEEE symposium on security and privacy; 2010; Oakland, California, USA; p. 305–316.
  • Axelsson S. The base-rate fallacy and the difficulty of intrusion detection. ACM T Inform Syst Secur. 2000;3(3):186–205. doi: 10.1145/357830.357849
  • Dreger H, Feldmann A, Paxson V, Sommer R. Operational experiences with high-volume network intrusion detection. Proceedings of ACM Conference on Computer and Communications Security; 2004; Washington, DC, USA; p. 2–11.
  • Fisk M, Varghese G. An analysis of fast string matching applied to content-based forwarding and intrusion detection. Technical Report CS2001–0670, University of California, San Diego; 2002.
  • Pietraszek T. Using adaptive alert classification to reduce false positives in intrusion detection. Proceedings of the 7th international symposium on recent advances in intrusion detection; 2004; Sophia Antipolis, France; p. 102–124.
  • Meng W, Li W, Kwok LF. EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput Secur. 2014;43:189–204. doi: 10.1016/j.cose.2014.02.006
  • Sourdis I, Dimopoulos V, Pnevmatikatos D, Vassiliadis S. Packet pre-filtering for network intrusion detection. Proceedings of ACM/IEEE symposium on architectures for networking and communications systems; 2006; San Jose, CA, USA; p. 183–192.
  • Meng Y, Kwok LF. Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection. J Netw Comput Appl. 2014;39:83–92. doi: 10.1016/j.jnca.2013.05.009
  • Meng Y, Kwok LF, Li W. Towards designing packet filter with a trust-based approach using bayesian inference in network intrusion detection. Proceedings of the 8th international conference on security and privacy in communication networks; 2012; Padua, Italy; p. 203–221.
  • Boyer RS, Moore JS. A fast string searching algorithm. Commun ACM. 1977;20(10):762–772. doi: 10.1145/359842.359859
  • Horspool R. Practical fast searching in strings. Softw Pract Exp. 1980;10(6):501–506. doi: 10.1002/spe.4380100608
  • Aho AV, Corasick MJ. Efficient string matching: an aid to bibliographic search. Commun ACM. 1975;18(6):333–340. doi: 10.1145/360825.360855
  • Wu S, Manber U. A fast algorithm for multi-pattern searching. Technical Report TR–94–17, Department of Computer Science, University of Arizona; 1994.
  • Meng Y, Li W, Kwok LF. Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection. Comput Netw. 2013;57(17):3630–3640. doi: 10.1016/j.comnet.2013.08.009
  • Law KH, Kwok LF. IDS false alarm filtering using KNN classifier. Proceedings of the 5th international conference on information security applications; 2005; Jeju Island, Korea; p. 114–121.
  • Alharby A, Imai H. IDS false alarm reduction using continuous and discontinuous patterns. Proceedings of the 3rd international conference on applied cryptography and network security; 2005; New York, NY, USA; p. 192–205.
  • Meng Y, Kwok LF. Adaptive false alarm filter using machine learning in intrusion detection. Proceedings of the 6th international conference on intelligent systems and knowledge engineering; 2011; Shanghai, China; p. 573–584.
  • Meng Y, Li W, Kwok LF. Intelligent alarm filter using knowledge-based alert verification in network intrusion detection. Proceedings of the 20th international symposium on methodologies for intelligent systems; 2012; Macau, China; p. 115–124.
  • Meng Y, Kwok LF. Adaptive non-critical alarm reduction using hash-based contextual signatures in intrusion detection. Comput Commun. 2014;38:50–59. doi: 10.1016/j.comcom.2013.11.001
  • Meng Y, Kwok LF. Towards an information-theoretic approach for measuring intelligent false alarm reduction in intrusion detection. Proceedings of the 12th IEEE international conference on trust, security and privacy in computing and communications; 2013; Melbourne, Australia; p. 241–248.
  • WEKA, Data Mining Software in Java. Available from: http://www.cs.waikato.ac.nz/ml/weka/
  • DARPA intrusion detection evaluation data set. 1999. Available from: http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999data.html
  • Wireshark, Network Protocol Analyzer. Available from: http://www.wireshark.org/
